Debian Security Advisory

DSA-1521-1 lighttpd -- file disclosure

Julien Cayzac discovered that under certain circumstances lighttpd,
a fast webserver with minimal memory footprint, might allow the reading
of arbitrary files from the system. This problem could only occur
with a non-standard configuration.

For the stable distribution (etch), this problem has been fixed in
version 1.4.13-4etch6.